OK, so a bit of a rant, though for one I gotta give LeapFrog some credits to this. Sure, repairs are a service centre away, and the main market for this device are kids and their parents, but what about the more tech-savvy parents (e.g. geeks or tinkerer types) who'd certainly re-purpose or service their kids' Epics either because it broke down or gone on a boot loop for some reason?

You see the main thing with this is the preloader, or other words the bootloader, is locked from tampering, making it next to impossible to use custom ROMs or kernels. You can somehow subvert this by editing just the system.img offline assuming you extracted it off your device, or in the case of backups, backing up the whole ROM image, boot/recovery and other images included, to a single ROM_0 file, and flashing it back using the hidden Write Memory feature in SP Flash Tool.

The problem is when you need to replace boot.img with a different one - you simply can't. Flashing unsigned images gives out a BROM 6045 (S_SECURITY_SECURE_USB_DL_IMAGE_SIGN_HEADER_NOT_FOUND) error, and if you did manage to do so through the aforementioned Write Memory tool, at most you're stuck with the LeapFrog logo unless a kernel the preloader seems happy with is flashed back.

Granted, I see the reason why LeapFrog had Quanta Computer (i.e. the OEM responsible for manufacturing the Epic) lock the thing down to prevent unauthorised tampering and/or security issues, but what's the point of sending my friend a CD-ROM of the kernel sources? Sure, they'd say it's for auditing purposes or merely for compliance with the GPL, but as the company has had a history of being chill with tinkerers, why wouldn't they at least offer an option to unlock it? It may be of little use to an average parent, and it's moot as you can develop apps without having to poke into the low-level internals, but why not, if one's going to unlock an Epic's bootloader in good faith? We've seen the likes of is0-mick loading up random stuff on their LeapFrog devices, and the lads over at Emeryville doesn't seem to object much - in fact, a company engineer stopped by the Spiffy Hacks forums and told his tale about the LeapTV.

If any one of you LeapFrog employees, like engineers or perhaps just staff members, are reading this right now, I'd be more than happy to have a talk with you. I do understand if you want nothing to do from this especially in this day and age where even electronic toys are scrutinised for security issues, but this isn't about pwning some boy or girl's toy for nefarious means, it's to re-purpose or make the most out of something which would be obsolete in a few years - let's say that one's son or daughter outgrew the tablet or simply got burned out by it, and his mum or dad would like to turn it into some mobile internet device where they could check their emails without being subjected to something infantile. I'd basically be more than happy to recommend your company to anyone who is interested in an educational toy for their children rather than just buy a regular tab and have them play (possibly) inappropriate content on said devices, so as long as you provide us advanced users the means to unlock and repurpose or service these Epics in good faith.

Comments

Hello, were you ever able to get this fixed? I am a mom who evidently bought one of the demo models. Just wondering if this can be fixed. The store I bought it at doesn't have any more so I'd have to go pay full price somewhere else.

So I got my hands on a pair of these units from a friend of mine who was generous enough to donate for free. While getting these in-store demo units to work as a retail device is a pain and a half to do (more on that in a later post), I've had fun modding and poking into the internals to see what can be done with it. There are actually a LOT of hidden and/or dummied out features in the tablet, most of which can be accessed through the open-source Activity Launcher.
For instance, LeapFrog dummied out access to the lock screen settings by removing menu references to said options in Settings. They disabled the AOSP lock screen presumably to save children the (supposed) frustration of having to unlock their device upon using it. It is however possible to re-enable it and add a lock pattern or a simple slide…

Felt like sharing this as most of them South Asian GSM bloggers are, suffice it to say, being scrooges or something, asking for $$$ to have the firmware package's password to be unlocked as a rather low-brow way to earn money. Not that I have anything against them, mind you, but as I said on my previous post, this business model of theirs only serves to inconvenience both clients and technicians alike.
I dumped this off my Galaxy S7 clone, a few weeks or so after I got the phone off the service centre when they repaired it as I made the unfortunate mistake of flashing the wrong ROM. It should work with certain Galaxy S7 replicas using preloader_gxq6580_weg_l.bin as the preloader; mine's the one with the plastic frame and the microphone pin on the wrong side of the device. Firmware info: CPU: MT6580 SW:0000 Ver: CA00Downloading Boot8 ...EMMC Size: 0x01C3000000Flash Type: EMMCINT/EXT RAM Size: 0x0+0x0Reading infr(EMMC)...id:Z6U030HA_V105Enversion:5.1model:gxq6580_weg_lbrand:alp…

Let me say first that while I've been into the Hackintosh scene for like seven or eight years, I am still learning the ropes with some aspects such as DSDT and a few other things. But let me share this install guide for you lads and lasses who are interested in cobbling up a Hackintosh of your own. This guide is mostly based on Elad Nava's El Capitan installation guide, albeit with a few tweaks to account for the new OS and system to be installed on, assuming that you're on a G3258-based system. In my case, I am using a PC with the following specs: ASUS H81M-D (BIOS revision 2204)Pentium G3258 @ 3.2GhzKingston ValueRAM 8GB DDR3 GeForce GTX 750 2GB GDDR5Western Digital WD10EZEX 1TBYou'll also need an existing Mac or PC to prepare the USB stick to be used for installation. There are guides and/or tools out there that allow for a doing so without a Mac, but I'm not sure about that myself. If you don't have an existing Mac, I recommend using a virtual machine image f…